Risk and Vulnerability Assessments (RVA) – conduct assessments of threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations. RVA services include but are not limited to: Network Mapping, Vulnerability Scanning, Phishing Assessment, Wireless Assessment, Web Application Assessment, Operating System Security Assessment (OSSA), and Database Assessment. Related Job Titles include but are not limited to: Risk/Vulnerability Analyst, Vulnerability Manager, Ethical Hacker, Computer Network Defense (CND) Auditor, Compliance Manager, and Information Security Engineer. Tasks include but are not limited to: ??Network Mapping – consists of identifying assets on an agreed upon IP address space or network range(s). ??Vulnerability Scanning – comprehensively identifies IT vulnerabilities associated with agency systems that are potentially exploitable by attackers. ??Phishing Assessment – includes activities to evaluate the level of awareness of the agency workforce with regard to digital form of social engineering that uses authentic looking, but bogus, emails request information from users or direct them to a fake Website that requests information. Phishing assessments can include scanning, testing, or both and can be conducted as a one- time event or as part of a larger campaign to be conducted over several months. ??Wireless Assessment – includes wireless access point (WAP) detection, penetration testing or both and is performed while onsite at a customer?fs facility. ??Web Application Assessment – includes scanning, testing or both of outward facing web applications for defects in Web service implementation may lead to exploitable vulnerabilities. Provide report on how to implement Web services securely and that traditional network security tools and techniques are used to limit access to the Web Service to only tho

Ancillary Supplies and/or Services – SUBJECT TO COOPERATIVE PURCHASING – Ancillary supplies and/or services are support supplies and services which are not within the scope of any other SIN on this schedule. These supplies and/or services may only be ordered in conjunction with or in support of supplies and/or services purchased under another SIN(s) in this solicitation to provide a solution to a customer requirement. This SIN may be used for orders and blanket purchase agreements that involve work or a project that is solely associated with the supplies and/or services purchased under this schedule. This SIN EXCLUDES purchases that are exclusively for supplies and/or services already available under another schedule and is limited to information technology (IT) products and/or services. Special Instructions: The work performed under this SIN shall be associated with existing SINs that are part of this schedule. Ancillary supplies and/or services shall not be the primary purpose of the work ordered, but be an integral part of the total solution offered. Ancillary supplies and/or services may only be ordered in conjunction with or in support of supplies and/or services purchased under another SIN in this schedule. Contractors may be required to provide additional information to support a determination that their proposed ancillary supplies and/or services are commercially offered in support of one or more SINs under this schedule. Note: Commercially available products under this solicitation may be covered by the Energy Star or Electronic Product Environmental Assessment Tool (EPEAT) programs. Applicable EPEAT-registered products are available at the Bronze level or higher.

1 Sync Technologies, LLC.(1 SYNC) is an 8(a) Certified, ISO 9001-2015 certified, Small Disadvantaged Business providing technical and professional services across Federal Agencies, the Department of Defense and to commercial
clients